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(57) Abstract: An arrangement is disclosed for connecting mobile client devices MT to the Internet, or other IP based networks, 
using WP AN and WLAN infrastructures or certain cellular systems like GPRS. This is achieved substantially seamlessly by pro- 
viding a .outing mechanism (IP-IP Tunnel 14) that allows mobile client devices like Personal Digital I Assistants (PDAs) to connect 
to an application server 10 using a plurality of communications standards depending on the available mfrastrucmre. e^g. GPRS, 
IEEE802 1 lb or Bluetooth wireless standards. The arrangement proposed is a Layer 2 technique suitable for genera use ,n which 
the mobile client device MT and the server 10 are arranged in use to communicate at the network a " = °! 
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A METHOD AND SYSTEM FOR CONNECTING MOBILE CLIENT DEVICES TO THE INTERNET 



The present invention relates to Internet Protocol (IP) based communication 
arrangements and in particular, but not exclusively, to an Internet Protocol based 
communication arrangement in which an Internet Protocol compatible network can be 
accessed substantially seamlessly using a plurality of communications standards. 
5 Connectivity to the Internet, or another IP-based network, can be achieved by 

client devices such as Personal Digital Assistants (PDAs), laptops and mobile phones using 
different access networks such as Wireless Local Area Networks (WLAN), Wireless Personal 
Area Networks (WPAN) or cellular systems like Generalized Packet Radio System (GPRS). 

The rapid diffusion of wireless access technologies (DEEE802.1 1, Bluetooth™ 
10 and GPRS) makes it possible for portable/mobile client devices like PDAs to be connected to 
services on the Internet while in an office or on the move. While combined products like 
WLAN/GPRS cards are appearing, seamless roaming across different technologies is still 
uncommon. 

Some devices do, however, already have the capability of using more than one 
1 5 wireless communications standard or network to gain access to the Internet. One example is a 
GPRS phone with Bluetooth support: when used inside a building, Bluetooth network access 
points can forward traffic between the mobile phone and the Internet, while the GPRS 
standard offers the same functionality outdoors at a lower speed. This trend is predicted to 
continue, as more wireless standards are likely to become available that offer diversified 
20 characteristics and costs. The Internet or other IP-based networks will thus be accessed by a 
variety of wireless devices that need to be connected and reachable. 

The Internet Engineering Task force (IETF) is developing protocols for 
mobility of Internet hosts, as discussed in: 

(1) IETF Mobile IP WG, http://www.ietf.org/htmLcharters/mobileip- 

25 charter.html 

(2) K. El Malki et al., "Low Latency Handoffs in Mobile IPv4", 
http://www.ietf.ore/inteme^ (work 
in progress) 
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(3) G. Dommeti et al., "Fast Handovers for Mobile IPv6", 
http://vywJetf-or^intemet-drafts/draft-ietf -mQbi1eip-fast-mipv6-0 (work in progress) 

These proposals are not finalized at the time of writing. Furthermore, the 
above protocols (Mobile IP and its improvements) will have to rely on lower layer 
5 capabilities, which are not standardized either. Mobile IP (1) is a protocol to support network 
mobility. Its main features are: 

1) Transparency for upper layer. 

2) Interoperability with IPv4: an application can transmit data to another one 
using IPv4 addresses only. 

1 0 3) Scalability: Mobile IP can work with a small LAN or a large WAN. 

4) Security: this protocol provides some instruments to authenticate the 
message and protect the data on the network. 

5) Macro-mobility: it works when the mobile terminal movements are not 
frequent, for instance it cannot efficiently support a mobile terminal that changes its access 

1 5 point every three minutes (typical value of GSM system). 

Mobile IP has been designed for large-scale mobility and is hence too complex 
to fit the needs of some vertical markets, e.g. where the application provider controls access 
to its services including authentication and authorization of clients. 

Generally speaking, mobility increases security risks that are already 

20 intrinsically present in the wireless access and in the Internet architecture. The terminal 

should ideally prevent unauthorized access to the server as well as attacks that result in denial 
of service. MIPv4 is not considered a secure solution since it is relatively easy to fake 
location binding updates, causing the traffic to be unduly redirected to a different client. 
Security can be enforced at different layers, from the link to the application layer, with 

25 different implications on the systems architecture, overall performance and complexity. 

It is an object of the present invention to provide improved Internet Protocol 
based communication arrangements and in particular, but not exclusively, to provide an 
efficient arrangement for mobile devices to switch from one network access standard to 
another depending on the available network infrastructure (either wireless or wired). 

30 Accordingly, the present invention provides a communications system 

comprising: 

a) an Internet Protocol compatible communications network; 
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b) a client device arranged in use to connect to said network in accordance 
with one of a plurality of communications standards and to change between said 
communications standards under predetermined circumstances; and 

c) a server arranged in use to couple to said network so as to communicate 

with said client device, 

wherein said client device and said server are arranged in use to communicate 
at the network layer through an Internet Protocol tunneling technique, such that an Internet 
Protocol address of said client device remains the same during a handover from a first said 
communications standard to a second said communications standard. Said communications 
standards may be wireless or wired standards and said client device may comprise a mobile 

or portable device. 

Said Internet Protocol tunneling technique may differentiate between an 
Internet Protocol address used to connect said client device to a subnet and an Internet 
Protocol address used to connect said client device to said server. 

Said Internet Protocol tunneling technique may encapsulate one Internet 
Protocol datagram within another Internet Protocol datagram. 

A server endpoint of said Internet Protocol tunneling technique may be 
substantially fixed and a client device endpoint may be changeable as a result of roaming. 

Said Internet Protocol tunneling technique may maintain one Internet Protocol 
address for applications and may rely on dynamically allocated Internet Protocol addresses 

for carriage of traffic. 

Network structure of bearers of at least two said communications standards 

may be generally unrelated. 

A said predetermined circumstance initiating a said change between said 
standards may comprise at least one of usage cost, bandwidth availability, received signal 
strength, link quality, link availability, signal-to-noise ratio, power consumption or explicit 
user intervention. 

A transition between two said communications standards may be performed 
with reconfiguration of the network layer. 

A link layer handover for each of two said communications standards, 
between said client device and a network unit such as an access point, may be unrelated at the 
driver level and said link layer handover may be performed independently for each said 
standard. 
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Said client device may be automatically assigned a new Internet Protocol 
address during a vertical handover between two said communications standards, for example 
during inter-subnet roaming. 

Preferably, no new Internet Protocol address may be assigned to said client 
5 device in the event that the or each network access point used by said client device before 
and after a said vertical handover between two said communications standards belong to the 
same Internet Protocol subnet. For example, in the event of intra-subnet roaming or in the 
event of a switch between a Wireless Personal Area Network (WPAN) and a Wireless Local 
Area Network (WLAN). When access points belong to the same LAN segment, the IP 
10 address of the device preferably remains unchanged. 

Said system may further comprise a routing manager adapted to monitor 
which one or more of said communications standards is available for use and to make 
decisions on switches between communications standards used based on said monitoring. 

Said routing manager may make a said decision on the basis of at least one of 
15 an input from a lower layer, on the location of said client device or on user requirements. 

Each said communications standard may access said network through an 
individual interface and said routing manager may be adapted to deactivate one or more of 
said interfaces at least temporarily under predetermined conditions, for example to achieve a 
power saving. 

20 Said system may further comprise a security arrangement adapted to allow 

only authorized client devices to access said network, said security arrangement preferably 
including one or more of the following: 

a) applications based on a secure data transfer such as Secure Socket Layer 

(SSL); 

25 b) location updates protected using secure data transfer such as Secure Socket 

Layer (SSL) applied to HyperText Transfer Protocol messages (HUPS); 

c) access to the network is controlled, e.g. involving user authentication and/or 
verification, an example would be access points connected to a RADIUS server and GPRS 
SIM card based security; and 

30 d) firewalls used whenever access networks for a said communications 

standard need to connect to the Internet, or other Internet Protocol based networks. 

A said communications standard may define a wireless access protocol. The 
wireless access protocol may be based on any suitable wireless access system, e.g. Frequency 
Division Multiple Access (FDMA), Code Division Multiple Access (CDMA), Time Division 
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Multiple Access (TDMA), Time Division Duplex (TDD), Orthogonal Frequency Multiple 
Access (OFDMA) or combinations of these such as CDMA/FDMA, CDMA/FDMA/TDMA, 
FDMA/TDMA. As a specific example, one of IEEE 802.1 lb, Bluetooth and GPRS may be 
selected. 

The present invention also provides a method of performing communication in 
an Internet Protocol compatible network, the method including: 

a) coupling a client device to said network in accordance with one of a 
plurality of communications standards and changing between said communications standards 
under predetermined circumstances; 

b) coupling a server to said network for communicating with said client 

device; and 

c) communicating between said client device and said server at the network 
layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address 
of said client device the same while handing over from a first said communications standard 
to a second said communications standard. Said communications standards may comprise 
wireless or wired standards. 

The present invention also provides a software product having encoded 
thereon an executable program adapted to enable implementation of a method including the 
steps recited above in the method of the invention. 

The present invention also provides a client device for use in a system 
according to the present invention or in a method according to the present invention, said 
client device being adapted to communicate with said server in accordance with one of a 
plurality of communications standards and to change between said standards under 
predetermined circumstances, said communication being performed by means of an Internet 
Protocol tunneling technique, said client device preferably comprising a mobile terminal such 
as a Personal Digital Assistant (PDA), a lap-top computer or a mobile telephone. 

The present invention also provides a server, for use in a system according to 
the invention or in a method according to the invention, said server being adapted to 
communicate with one or more said client devices in accordance with one of a plurality of 
communications standards and to control changes between said standards under 
predetermined circumstances, said communication being performed by means of an Internet 
Protocol tunneling technique. 
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Figure 1 is a schematic overview of a communications system according to an 
embodiment of the invention; 

Figure 2 is a block diagram of the system of Figure 1 ; 

Figure 3 is a schematic diagram of an Internet Protocol tunneling technique 
5 (IP-IP Tunnel) employed in an embodiment of the present invention; 

Figure 4 is a class diagram of the main functional blocks in a system according 
to an embodiment of the present invention; 

Figure 5 is a sequence diagram of initial access by a client device to a server 
of the system of Figure 1; and 
1 0 Figure 6 is a sequence diagram of a vertical handover between 

communications standards employed in the system of Figure 1. 

The present invention will now be described with reference to certain 

1 5 embodiments and with reference to the above mentioned Figures. Such description is by way 
of example only and the present invention is not limited thereto. The term "comprising", e.g. 
in the claims, does not exclude other elements or steps and the indefinite article "a" or "an" 
before a noun does not exclude a plurality of the noun unless specifically stated. With respect 
to several individual items, e.g. a channel decoder, channel equalizer, or items given an 

20 individual function, e.g. a channel decoding means, channel equalizing means, the invention 
includes within its scope that a plurality of such items may be implemented in a single item, 
e.g. in a processor with relevant software application programs to carry out the function. 

In the present invention reference is made to a client device arranged in use to 
connect to a network in accordance with one of a plurality of communications standards. The 

25 term "plurality of communications standards" when referred to a client device means to a 
skilled person a multi-mode terminal. Such a multi-mode terminal could be a PDA with a so- 
called combination chipset or "combo" card, i.e. a card that provides the functionality to the 
device of Bluetooth, IEEE802.1 lb and GSM/GPRS transceivers. A "standard" used in 
communications arrangements may comprise a technical guideline advocated by a recognized 

30 organization, which may comprise for example a governmental authority or noncommercial 
organization such as the IETF, ETSI, ITU or IEEE, although not limited thereto. Standards 
issued or recommended by such bodies may be the result of a formal process, based for 
example on specifications drafted by a cooperative group or committee after often intensive 
study of existing methods, approaches and technological trends and developments. A 
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proposed standard may later be ratified or approved by a recognized organization and 
adopted over time by consensus as products based on the standard become increasingly 
prevalent in the market. Such less formal setting of a "standard" may further encompass 
technical guidelines resulting from implementation of a product or philosophy developed by 
5 a single company or group of companies. This may particularly be the case if, through 
success or imitation, such guidelines become so widely used that deviation from the norm 
causes compatibility problems or limits marketability. The extent to which a piece of 
hardware conforms to an accepted standard may be considered in terms of the extent to 
which the hardware operates in all respects like the standard on which it is based or designed 
10 against. In reference to software, compatibility may be considered as the harmony achieved 
on a task-orientated level among computer elements and programs. Software compatibility to 
a standard may therefore also be considered the extent to which programs can work together 
and share data. 

Referring to the Figures, according to the present invention a user equipment 

1 5 is provided with mobility, i.e. it may be represented by a mobile terminal MT, able to connect 
to a well-known and properly configured server 10 through multiple communications 
standards, as might be found in certain vertical market contexts (e.g. financial institutes). The 
wireless access protocol may be based on any suitable wireless access system, e.g. Frequency 
Division Multiple Access (FDMA), Code Division Multiple Access (CDMA), Time Division 

20 Multiple Access (TDMA), Time Division Duplex (TDD), Orthogonal Frequency Multiple 
Access (OFDMA), Coded Orthogonal Frequency Multiple Access (COFDMA) or 
combinations of these such as CDMA/FDMA, CDMA/FDMA/TDMA, FDMA/TDMA 
systems. As a specifically useful example, one of IEEE 802.11b, Bluetooth and GPRS may 
be selected. It will also be appreciated, however, that other wireless or wired standards 

25 (Ethernet, Token Ring) may be employed. General information on wireless protocols may be 
found in "OFDM for wireless multimedia communications", by Richard van Nee and Ramjee 
Prasad, Artech House, 2000; Wideband CDMA for third generation mobile 
communications", by Tero Ojanpeii and Ramjee Prasad, Artech House, 1998, "Personal 
Wireless Communication with DECT and PWT", by John Phillips and Gerard Mac Namee, 

30 Artech House, 1998, CDMA for wireless personal communications", by Ramjee Prasad, 
Artech House, 1996; Cordless telecommunications Worldwide", by Walter Tuttlebeee, 
Springer, 1997 and similar standard texts. 

The present invention provides a routing solution for seamless standards 
switching between different interfaces on the client device MT. The problem involves up to 
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three OSI layers (PHY, Link Layer and Network). The embodiments discussed herein will 
concentrate on mobility support in a restricted scenario in which control by the service 
provider reaches, besides the client device MT equipped with the three above-mentioned 
standards, an end server 10 from where data contents are retrieved or where proxy techniques 

5 can be implemented. This server 10 may then provide full access to the Internet or other IP- 
based network, along with billing, collection of statistics, firewalling and authentication. 

In a typical embodiment, the server can be reached using Wireless LAN 
infrastructure or Bluetooth access points while in the corporate office, or cellular access like 
GPRS or UMTS while on the move. The client device may be a mobile terminal in the form 

10 of a Personal Digital Assistant (PDA) or PocketPC (TM), in which case Bluetooth access 
may be preferable to WLAN because of power consumption issues while GPRS can always 
be an available backbone where no other access points provide radio coverage. The network 
that connects the access points in the corporate scenario may include several IP subnets 
connected together by routers (optionally by a Virtual private Network (VPN) on the public 

1 5 Internet). The point of connection of the corporate network to the Internet (ingress router) is 
preferably always protected by one or more software and/or hardware firewalls and the 
mobile terminal should preferably take consequent limitations into account without requiring 
any special policy in the firewall configuration. In the corporate infrastructure, a RADIUS 
server may be used to control access of mobile terminals. It is also assumed that a DHCP 

20 infrastructure may be deployed, so that mobile terminals can be assigned a leased IP address. 
In the user's terminal, the criteria used to select one wireless access technology instead of 
another may vary depending on usage scenarios. The user may for example set his preference 
using a dedicated configuration tool in the mobile terminal. 

Referring now in particular to Figure 1 , a client device that is under the control 

25 of a mobile end user is equipped with a number of three different wireless technologies: 
IEEE 802.1 lb, Bluetooth and GPRS, that is it is a multi-mode user equipment. The client 
device has mobility and is preferably portable by the user and will be referred to for 
convenience as a mobile terminal MT. The skilled person will appreciate that for mobility, 
portability is not a necessary requirement. On the mobile terminal MT, applications such as 

30 web browsers connect via a communications protocol, especially a layer 1 or layerl/layer2 
protocol, e.g. a standard TCP/IP protocol, to a fixed server 10 that is under administrative 
control by a service provider. Depending on predetermined conditions, which might include 
location, bandwidth requirements and power consumption, the mobile terminal MT may want 
or need to switch between these plurality of different wireless interfaces, or such interfaces as 
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might be appropriate for a different wireless or wired standards being used for this 
embodiment. 

Bluetooth™ is indicated when low power requirements are the main constraint 
and when mobility area is bounded, e.g. to an office environment. A useful discussion of 
5 Bluetooth™ communications can be found in text book form in ''Bluetooth™, Connect 
Without Wires" by Jennifer Bray and Charles F. Sturman, published by Prentice Hall PTR 
under ISBN 0-13-089840-6. 

IEEE 802.1 lb is more suitable when wider access is needed in office or 
building neighborhoods and higher bandwidth is desirable. General information on wireless 
10 LAN protocols and systems may be found in "Wireless LANs", by Jim Geier, Macmillan 
Technical press, 1999. When wireless LAN resources are not available, (e.g. neither 
Bluetooth™ nor IEEE 802.1 1 lb), then GPRS connectivity must be used. 

The present invention allows seamless transition between these wireless 
technologies without the need for upper layer reconfiguration and preferably without 
1 5 affecting performance significantly. This means the following is preferably implemented: 

(i) Vertical handover support (Link Layer mobility) 

(ii) IP Mobility support (Network mobility) 

IP mobility support is currently the subject of intense research and many 
proposals have been discussed in standardization groups. Up until now, however, none of 

20 them have gained widespread acceptance and none are available universally to date. To this 
end, it is proposed to offer a solution that involves only the mobile terminal MT and the 
server 10. The intermediate network does not require special or extra features to implement 
the present invention, except for ordinary automatic network configuration protocols such as 
DHCP and PPP dynamic address configuration for GPRS. 

25 Referring now also to Figure 2, a mobile terminal MT wants to connect to the 

Internet or other IP-based network while moving among areas covered by WPAN, WLAN 
and cellular systems. With reference to the term "LAN" it will be appreciated by the skilled 
person that any of the embodiments of the present invention may be implemented with a 
shared resources network of which LAN (Local Area Network), MAN (Municipal Area 

30 Network), WAN (Wide Area Network), PAN (Personal Area Network), CAN (Controller 
Area Network) are all examples and are included within the scope of the present invention. 
Once the mobile terminal MT has an ongoing session with a server in the network, the 
session must not be interrupted when the mobile terminal MT switches from one access 
system to another. Existing TCP/IP sessions must be prevented from stalling, e.g. stopping 
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such that user intervention is needed to resume. When the vertical handover is performed, the 
mobile terminal MT will most likely be assigned a new IP address, except in the particular 
case of a WPAN/WLAN switch where access points AP belong to the same BP subnet. It can 
be noted here that a portion of a network that shares a common address component may be 
referred to as such a subnet. On TCP/IP networks, subnets are defined as all devices whose IP 
addresses have the same prefix. 

The problems to solved by the present invention can therefore be summarized 

by the points below: 

1. sensing the presence of a different wireless network infrastructure; 

2. deciding when to perform the vertical handover; 

3. reconfiguring the wireless hardware so that the new wireless infrastructure 

is used; 

4. registering with the new network (including AAA); 

5. getting a new IP address, if necessary; 

6. handling the routing of IP packets through the new access network and 
access point AP through proper signaling at the network layer; 

7. reconfiguring the wireless network interface so that the new standard is used 
to connect to the Internet and the new IP address is used; and 

8. security protection should guarantee that only authorized devices can use 
the service and should also prevent all denial of service attacks. Only authorized clients 
should be allowed to access the service and, once connected, they should be protected against 
eavesdropping, redirection of traffic, man-in-the-middle and as many other kinds of security 
attacks as possible. 

The present invention focuses on the routing issues of the client/mobile device 
and on security (points 3, 4, 5 and 8), basically at the network layer of the OSI protocol stack. 
An assumption is made that the lower layers, i.e. the wireless network interfaces, are 
supporting the remaining points. 

Generally speaking, handover techniques for devices that exploit the Internet 
protocols concern the Link and the Network OSI levels. These give rise to two different 
mobility problems that will be treated separately. In a scheme according to an embodiment of 
the present invention, a mobile terminal MT can connect to a server 10 located in the Internet 
or other IP based network by means of a plurality of wireless technologies, which in this 
embodiment are, for instance: Bluetooth™, D5EE802.1 lb and GPRS. The network structures 
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of the three bearers are generally unrelated. This holds true for GPRS, while Bluetooth™ and 
IEEE802.1 lb may coexist on the same core network. 

Link Layer Mobility 

With regard to Link Layer mobility, Link Layer handover among units (MT, 
AP) configured with the same wireless technology is assumed to be already implemented by 
the underlying technology. More precisely: 

(1) Bluetooth™: Bluetooth Link Level mobility between Bluetooth access 
points is being standardized and will be part of a future version of the PAN profile. 

(2) IEEE 802.1 1 : The IEEE standard specifies the basic message formats to 
support roaming at the link layer, but everything else is left up to network vendors. 

(3) GPRS: Roaming within GSM cells is entirely managed by the service 
bearer and the mobile terminal MT is considered to be "Always ON". 

These three handover solutions are completely unrelated to each other at the 
driver level and they work independently. Switching between different technologies (Vertical 
Handover) is necessary when the mobile terminal MT enters an area that provides a more 
convenient technology in terms of cost, bandwidth or power requirements, or when the 
technology that is being used is no longer available (e.g. out of range). So, these two things 

have to be defined: 

- Link availability test procedures. 

- Technology switching policies. 

Regarding the first point, techniques that could allow access point detection 
have to be introduced. Some agent able to constantly monitor different technologies 
availability and inform the appropriate software module has to be deployed. The technologies 
involved are very different and the link availability test procedure problems are hence 
addressed in completely different ways. 

Regarding the second point, technology switching is performed according to 
link quality and availability, together with other parameters such as power consumption 
constraints. The assumption is made that each wireless interface can be in one of two states, 
ON or OFF and that it is possible to query the radio link quality and retrieve parameters such 
as the received signal strength or signal-to-noise ratio or other indicators. A dedicated agent 
(RM: Routing Manager) just above the driver decides which technology has to be used on the 
basis of the inputs from the lower layers, on the location of the device and/or on user 
requirements. The Routing Manager RM may also decide to temporarily de-activate some 
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wireless interfaces for power saving. The present invention proposes the allocation of a 
distinct interface for each of the three wireless devices. As will be seen later, this solution 
simplifies some of the issues that arise when dealing with the network mobility. 

In the simplest scenario, access points AP of the same radio technology are 
5 located on the same subnet. Eventually, Bluetooth and 802.1 1 access points AP share the 
same LAN. More complicated environments that include multiple subnets are much trickier 
to manage because of the need for higher network mobility protocols that are described in the 
following sub-section. 

Network Mobility 

I o m a scenario involving roaming with multiple wireless technologies available, 

four scenarios can be identified: 

1. Intra-Subnet homogeneous roaming. 

2. Inter- Subnet homogeneous roaming. 

3. Intra- Subnet heterogeneous roaming. 
1 5 4. Inter- Subnet heterogeneous roaming. 

Intra-Subnet roaming exists if the mobile terminal MT remains bounded 
within the same IP subnet i.e. the access points AP and the mobile terminal MT roaming 
between them belong to the same IP subnet and behave like bridges. In this case, the mobile 
terminal MT is not assigned a new IP address when its network attachment point changes. 
20 Inter-Subnet roaming exists if the contrary holds. 

Homogeneous roaming means that there is no technology switching involved, 
i.e. the bearer does not change during the handover. Heterogeneous roaming requires wireless 
technology switch during handover. 

The different roaming categories are summarized by the table below, together 
25 with the actions performed in each case by the mobile terminal MT. 
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INTER-SUBNET 


INTRA-SUBNET 


HOMOGENEOUS 
(HANDOVER) 


Link_Request_Access (MT) 
DHCP_Discover(MT) 
DHCP_Request (MT) 
Config IP Address (MT) 
Configure Tunnel (MT, 
SERVER) 


Link_Request_Access (MT) 
DHCPJDiscover(MT) 


HETEROGENEOU 
S 

(VERTICAL 
HANDOVER) 


Link_Request_Access (MT) 
DHCP_Discover (MT) 
DHCP_Request (MT) 
Config IP Address (MT) 
Configure Tunnel (MT, 
SERVER) 


Link_Request_Access (MT) 
JL>riCr _L>iscover ^jvl i j 
DHCP_Request (MT) 
Config IP Address (MT) 
Configure Tunnel (MT, j 
SERVER) 



Table 1 : Handover categories 



Intra-subnet homogeneous handover requires no reconfiguration of network 
5 protocols, since the bearer lower layers solve the handoff at the link layer. 

Inter-Subnet homogeneous roaming is somewhat more complex: level two 
roaming is again performed by the bearer as before, but there is now the need to re-configure 
the client's IP address in order to be able to communicate within the new subnet. A new IP 
address therefore has to be assigned automatically to the mobile terminal MT. While a new 
1 0 IP address allows communication towards the new subnet, the end-to-end IP communication 
between the mobile terminal MT and the server 10 is severely affected, since applications 
cannot have knowledge of the mobile's IP address change, neither at the mobile side nor at 
the server side. In this case IP connectivity is lost and running applications must be restarted 
in order to communicate with the new IP address. Solutions that are able to maintain the 
1 5 same mobile terminal IP address even when performing Inter-Subnet roaming should 

preferably be found. 

Intra-Subnet heterogeneous roaming does not need IP reconfiguration since 
access points AP are configured as bridges, but a technology switch causes the MAC 
address of the wireless card used in the mobile terminal MT to change. This may 
20 necessitate refreshing the mobile terminal's ARP entry on the first-hop router ARP 

table. Also the link Maximum Transmission Unit (MTU) may change. 
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Inter-Subnet heterogeneous roaming is similar to the second scenario, except 
that the underlying technology changes. The problem from the network layer point of view is 

however the same. 

A proposed embodiment of the present invention 
5 If the mobile terminal MT moves within the same subnet only, no problems 

arise since its IP address does not need to change and end-to-end communication with the 
server 10 is always possible. When switching between two technologies, the MAC address of 
the network interfaces changes. 

Network layer roaming gets difficult when the mobile terminal MT crosses 
1 0 different subnets, either maintaining the same technology (homogeneous) or switching 
between two different technologies (heterogeneous). In fact, when mobile terminal MT 
moves between access points AP that serve two different IP subnets, two mandatory 
requirements clash with each other: 

1. The mobile terminal MT needs to obtain a new IP address to participate in 

15 the new subnet. 

2. The mobile terminal MT needs to maintain same IP address to keep 
connectivity with the server 10 (as seen by the application). 

Differentiating between the IP addresses used to connect to the subnet and the 
IP address used to connect to the server 10 and using the so-called "IP in P tunneling" the 
20 problem can be solved. This technique includes encapsulating an IP datagram in another IP 
datagram. Before illustrating the solution the following terminology should be introduced for 
IP addresses: 

- IP BEARER. This is the IP addresses that the wireless connectivity bearer 
automatically assigns to the mobile terminal MT. 

25 -IP CLIENT: Belongs to the mobile terminal MT. The IP address the 

applications communicate with. It is assigned by the server 10 and never changes during 

roaming or switching. 

- JP_SERVER: Belongs to the server. It is the address the applications use to 

communicate with the client MT. 
30 . ]p_TEP: Belongs to the server. The valid IP address the server is seen on the 

Internet or other IP network as the case may be. 

Their role in the IP-IP tunnel is depicted in Figure 3. The idea is to maintain 
application connectivity by means of the IP.CLIENT and IP_SERVER, which never change. 
The server 10, using a special protocol, assigns HMXIENT to the mobile. Traffic between 
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these two addresses is carried (or "encapsulated") in the IP communication between the 
tunnel end points. Server endpoint IPTEP is fixed, while client MT end-point may change as 
a result of Inter-Subnet roaming. Using this approach, it is possible to maintain the same IP 
address for applications, and rely on dynamically allocated IP addresses for traffic carrying. 

5 In Figure 4, a class diagram of the main functional blocks of the target system 

is depicted using standard Unified Modeling Language (UML) notation. The main classes, 
their methods as well as class relationships are shown. This diagram shows the main classes 
of the client-server system and is intended for the sole purpose of describing the main 
functional blocks of a design according to an embodiment of the present invention. On the 

1 0 left side are found the main client classes, the MobileNode, which represents the application 
and the ClientRouting class, which embeds all the functionality to handle the network and 
DLC layer issues, e.g. the IP-IP tunneling and the detection and management of available 
wireless infrastructures. In fact, this class exports methods to request access to a wireless 
network, to detect when a handover is needed, to receive information from the server 10 to 

1 5 setup the BP-IP tunnel and to actually configure tunneling. 

On the right side of Figure 4, the server side classes are depicted; in particular 
the ApplicationServer, the TunnelEndPoint and the AAAServer. The first is usually a Web 
server that is also able to run scripts and generate dynamic Web pages, but may also include 
features like e-mail exchange server or database access. The TunnelEndPoint class is used to 

20 set-up IP tunnel with mobile clients MT, while the AAAServer class performs 

Authentication, Authorization and Accounting of the mobile clients. It also assigns IP 
addresses that can be used by clients throughout a session. In the present embodiment it is 
suggested to use a simple Web-based AAA server, which controls the activation and 
configuration of the Tunnel Endpoint for a specific client. The other classes represent the 

25 Wireless access networks (e.g. Bluetooth, IEEE802.1 1 and GPRS), which all implement the 
Bearer interface. Finally an Internet class is also shown. 

The relationships among classes can be read as follows (from left to right). 
The MobileNode class uses ClientRouting to access a Bearer. The Bearer uses the Internet to 
connect to the TunnelEndPoint, which is used by the ApplicationServer. An AAAServer is 

30 associated with the a Tunnel Endpoint. 

The Mobile Terminal that wants to access the system contacts the AAAServer 
by requesting a specific dynamic Web page, the request being protected with SSL. An access 
script is then executed to control the client access rights. This step may include the 
authentication server to contact a specific database. Upon successful client authentication, the 
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AAAServer contacts the Tunnel Endpoint by means of a proprietary protocol and sets up the 
tunnel for the authenticated client. Finally the AAAServer returns a Web page to the client to 
indicate that the process has successfully completed. In this page the application IP address is 
returned as well, which the CiientRouting class can pick to setup the tunnel on the mobile 
5 terminal. 

Dynamic behavior of objects that implement these classes is detailed below by 
means of sequence diagrams for two cases: 

1. initial access of the mobile node to the service; and 

2. change of the wireless access network that is used by the mobile node to 
1 0 access the server through the Internet (i.e. the vertical handover itself). 

Initial access to the server 

Initial access to the server is shown in the time sequence diagram depicted in 
Figure 5 and includes the steps outlined below. 

1. Mobile terminal Link Layer detects wireless infrastructure (e.g. Bluetooth, 
1 5 EEEE802. 1 1 or GPRS) availability. Bluetooth is used in the example. 

2. Mobile terminal MT requests an IPBEARER address by means of the 
DHCP protocol or PPP in case of GPRS. 

3. Bearer's wireless infrastructure examines the request and offers host 
configuration information to the mobile terminal MT. 

20 4. Mobile terminal MT configures its wireless interface with the data provided 

by the wireless infrastructure. Mobile terminal MT is now able to establish direct 
communication with the server 10 with its newly assigned IP_BEARER address. 

5. Mobile terminal MT sends an HTTP request to the well-known AAAServer 
web server's address, using its new IPJBEARER. 

25 6. the AAA Server analyses the request and identifies the mobile terminal MT 

by means of an authentication protocol. 

7. If authentication succeeds, the IP_CLIENT address is computed and 
assigned to the mobile client. 

8. Server tunnel is set up 

30 9. End to end tunnel configuration is sent to the RM and 

10. Mobile terminal's tunnel is set up. 

11. Server's tunnel is set 

After the tunnel has successfully been set up, communication between the mobile terminal 
MT and the server 10 takes place between the fixed IP_CLIENT and OBSERVER. When 
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subnet switching is then performed, the tunnel end-points of the client MT and the server 
TEP are reconfigured while the EP_CLIENT address remains constant. 
Execution of a vertical handover 

When a vertical handover has to be executed, the sequence of operations 
depicted in Figure 6 is performed. The example that has been used refers to a mobile terminal 
MT using Bluetooth™, which exits a building and detects a GPRS network infrastructure. 

1 . A Routing Manager object (RM) detects that a new wireless infrastructure is 
available (GPRS) and the lower drivers (DLC) make a Link Layer connection available. 

2. An IP_BEARER_2 address is requested to the new detected infrastructure 
(GPRS network). 

3. The GPRS bearer authenticates and decides for the IP_BEARER_2 address 

to be assigned to the mobile terminal MT. 

4. The GPRS interface is automatically configured by means of PPP facilities. 

5. If handover is needed, 

6. tunnel is re-configured substituting the previous IP_BEARER address 
(EPBEARERJ3T) with the new one (BT_BEARER_2). 

7. Using DIRECT connection to the server 10 (i.e. using the new 
IP_BEARER_2 address), the mobile terminal MT informs the web-based authentication 
server that its tunnel re-configuration is needed, using a secure binding update message in the 

form of a HTTPS request. 

8. Web-based authentication server executes a script and updates the Tunnel 

Endpoint configuration for the mobile terminal MT. 

9. It then confirms a successful binding update back to the mobile client. 

10. Communication between IP_CLIENT and IP_SERVER is made available 
again using the new tunnel configuration. 

It should be noted that the Tunnel Endpoint should check client activity and, in 
case no traffic is generated for a specified amount of time, the tunnel should be deleted and 
the IP_CLIENT returned to the client addresses pool. 

The proposed solution therefore provides seamless roaming facilities between 
different wireless standards and different IP subnets in environments where a mobile terminal 
MT configuration is entrusted to a properly configured centralized server 10. No 
requirements are placed on wireless access networks themselves at all. The purpose of the 
centralized server 10 is to support mobility of clients MT by means of proper configuration 
of IP tunneling and to provide information retrieval through a common Web interface. 
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Authentication and security mechanisms can also be easily treated in this context. Compared 
to Mobile IP protocols, the proposed solution is less resource consuming and its 
implementation simpler. 

Security 

5 As far as security is concerned, the following mechanisms are included: 

- applications are based on a secure data transfer such as Secure Socket Layer 
(SSL) applied to Hypertext Transfer Protocol messages (HTTPS); 

- location updates are also protected using the same secure data transfer, e.g. 

HTTPS; 

! 0 . access to the wireless network may be controlled through standard 

mechanisms (e.g. access points AP connected to a RADIUS server and GPRS SIM based 
security); and 

- software or hardware firewalls are used whenever the access networks need 
to connect to the Internet, or other IP-based network as the case may be. 



15 



While the present invention has been particularly shown and described with 
respect to a preferred embodiment, it will be understood by those skilled in the art that 
changes in form and detail may be made without departing from the scope and spirit of the 
invention. 
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AAA 


Authentication, Authorization and Accounting 


ARP 


Address Resolution Protocol 


GPRS 


Generalized Packet Radio System 


HTTP 


Hypertext Transfer Protocol 


IETF 


Internet Engineering Task Force 


n> 


Internet Protocol 


LAN 


Local Area Network 


MAC 


Medium Access Control 


MT 


Mobile Terminal 


MTU 


Maximum Transmission Unit 


DAM 

FAN 




RM 


Routing Manager 


TCP 


Transmission Control Protocol 


TEP 


Tunnel End Point 


UDP 


User Datagram Protocol 


WLAN 


Wireless Local Area Network 


WPAN 


Wireless Personal Area Network 



WO 03/065682 PCT7IB03/00175 

20 

CLAIMS: 



1 . A communications system comprising: 

a) an Internet Protocol compatible communications network; 

b) a client device arranged in use to connect to said network in accordance 
with one of a plurality of communications standards and to change between said 

5 communications standards under predetermined circumstances; and 

c) a server arranged in use to couple to said network so to communicate with 
said client device, 

wherein said client device and said server are arranged in use to communicate 
at the network layer through an Internet Protocol tunneling technique, such that an Internet 
10 Protocol address of said client device remains the same during a handover from a first said 
communications standard to a second said communications standard. 

2. A system according to claim 1, wherein said Internet Protocol tunneling 
technique differentiates between an Internet Protocol address used to connect said client 

1 5 device to a subnet and an Internet Protocol address used to connect said client device to said 
server. 

3. A system according to claim 1, wherein said Internet Protocol tunneling 
technique encapsulates one Internet Protocol datagram within another Internet Protocol 

20 datagram. 

4. A system according to claim 1, wherein a server endpoint of said Internet 
Protocol tunneling technique is substantially fixed and a client device endpoint is changeable 
as a result of roaming. 

25 

5. A system according to claim 1, wherein said Internet Protocol tunneling 
technique maintains one Internet Protocol address for applications and relies on dynamically 
allocated Internet Protocol addresses for carriage of traffic. 
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6. A system according to claim 1 , wherein network structure of bearers of at least 

two said communications standards are generally unrelated. 

7 a system according to claim 1 , wherein a said predetermined circumstance 

5 initiating a said change between said standards comprises at least one of usage cost, 

bandwidth availability, received signal strength, link quality, link availability, signal-to-noise 
ratio, power consumption or user intervention. 

g. a system according to claim 1 , wherein a transition between two said 

1 0 communications standards is performed with reconfiguration of the network layer. 

9. a system according to claim 1 , wherein a link layer handover for each of two 
said communications standards, between said client device and a network unit such as an 
access point, is unrelated at the driver level and said link layer handover is performed 

1 5 independently for each said standard. 

10. A system according to claim 1 , wherein said client device is automatically 
assigned a new Internet Protocol address during a vertical handover between two said 
communications standards, for example during inter-subnet roaming. 

20 

11. A system according to claim 1 , wherein no new Internet Protocol address is 
assigned to said client device in the event that the or each network access point used by said 
client device before and after a said vertical handover between two said communications 
standards belong to the same Internet Protocol subnet, for example in the event of intra- 

25 subnet roaming or in the event of a switch between a Wireless Personal Area Network 
(WPAN) and a Wireless Local Area Network (WLAN). 

12. A system according to claim 1 , further comprising a routing manager adapted 
to monitor which one or more of said communications standards may be employed and to 

30 make decisions on switches between communications standards used based on said 
monitoring. 
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13. A system according to claim 12, wherein said routing manager makes a said 

decision on the basis of at least one of an input from a lower layer, on the location of said 
client device or on user requirements. 

5 14. A system according to claim 12, wherein each said communications standard 

accesses said network through an individual interface and said routing manager is adapted to 
deactivate one or more of said interfaces at least temporarily under predetermined conditions, 
for example to achieve a power saving. 

! 0 15. A system according to claim 1 , further comprising a security arrangement 

adapted to allow only authorized client devices to access said network, said security 
arrangement preferably including one or more of the following: 

a) applications based on a secure data transfer such as Security Socket Layer 

(SSL); 

1 5 b) location updates protected using a secure data transfer such as Security 

Socket Layer (SSL) applied to HTTP messages (HTTPS); 

c) access to the network is controlled, e.g. access points connected to a 
RADIUS server and GPRS SIM card based security; and 

d) firewalls used whenever access networks for a said communications 
20 standard need to connect to the Internet, or other Internet Protocol based network. 

16. A system according to claim 1 , wherein a said communications standard 

comprises one of IEEE 802.1 lb, Bluetooth™ and GPRS. 

25 17, A method of performing communication in an Internet Protocol compatible 

network, the method including: 

a) connecting a client device to said network in accordance with one of a 
plurality of communications standards and changing between said communications standards 
under predetermined circumstances; 
30 b) coupling a server to said network for communicating with said client 

device; 

c) communicating between said client device and said server at the network 
layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address 
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of said client device the same while handing over from a first said communications standard 
to a second said communications standard. 

18. A software product having encoded thereon an executable program adapted to 
5 enable implementation of the steps: 

a) connecting a client device to said network in accordance with one of a 
plurality of communications standards and changing between said communications standards 
under predetermined circumstances; 

b) coupling a server to said network for communicating with said client 

10 device; 

c) communicating between said client device and said server at the network 
layer through an Internet Protocol tunneling technique, keeping an Internet Protocol address 
of said client device the same while handing over from a first said communications standard 
to a second said communications standard. 

15 

1 9. A client device for use in a system according to any one of claims 1 to 16 or in 
a method according to claim 17, said client device being adapted to communicate with said 
server in accordance with one of a plurality of communications standards and to change 
between said standards under predetermined circumstances, said communication being 

20 performed by means of an Internet Protocol tunneling technique, said client device preferably 
comprising a mobile terminal such as a Personal Digital Assistant (PDA), a lap-top computer 
or a mobile telephone. 

20. A server, for use in a system according to any one of claims 1 to 1 6 or in a 
25 method according to claim 17, said server being adapted to communicate with one or more 

said client devices in accordance with one of a plurality of communications standards and to 
control changes between said standards under predetermined circumstances, said 
communication being performed by means of an Internet Protocol tunneling technique. 
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